The first step to securing your environment is to develop and implement enforceable information security policies and supporting processes. There are no one-size-fits-all policies. Take a closer look at this very useful infographic. Source